PT-2019-2631 · Gnome+7 · Gnome Gvfs+7

Malte Kraus

Published

2019-05-29

Updated

2024-06-15

CVE-2019-12449

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GNOME gvfs versions 1.29.4 through 1.41.2

Description The issue is related to the mishandling of a file's user and group ownership during move and copy operations from admin:// to file:// URIs in the daemon/gvfsbackendadmin.c component of the GVFS subsystem in GNOME. This is due to the unavailability of root privileges. The vulnerability may allow a remote attacker to impact the integrity, confidentiality, and availability of protected information when copying files using G FILE COPY ALL METADATA.

Recommendations For versions 1.29.4 through 1.41.2, consider restricting the use of the daemon/gvfsbackendadmin.c component until a patch is available, especially when performing operations involving admin:// and file:// URIs. Avoid using the G FILE COPY ALL METADATA option for copying files between these URIs to minimize the risk of exploitation.

Fix

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-275CWE-755

Related Identifiers

ALSA-2020:1766

ALT-PU-2019-2363

ALT-PU-2019-2406

ALT-PU-2019-2783

BDU:2019-02516

CESA-2020_1766

CVE-2019-12449

MGASA-2019-0214

OPENSUSE-SU-2019:1697-1

OPENSUSE-SU-2019:1699-1

OPENSUSE-SU-2019_1697-1

OPENSUSE-SU-2019_1699-1

OPENSUSE-SU-2024:10838-1

RHSA-2020:1766

RHSA-2020_1766

RLSA-2020:1766

SUSE-SU-2019:1717-1

USN-4053-1

Affected Products

Alt Linux

Almalinux

Centos

Gnome Gvfs

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2019-2631 · Gnome+7 · Gnome Gvfs+7

CVE-2019-12449

Weakness Enumeration

Related Identifiers

Affected Products

References · 149